Secure Web forms for payment | ansaurus

tags:

security

views:

35

answers:

1

Q:

Secure Web forms for payment

Hi, there probably plenty of you here who have done secure payment forms in their life, so am i. My question is general what from your experience is "more right" way to process these forms. I'm not talking about SSL or server based security but about programming itself using pseudo code ...

Thanks

A:

Besides having the page protected with valid certificate and SSL, You need to validate all field, use parameters when sending the data, check for Injections of any kinds, and try to use an many listbox as possible and as little free texts..

thats my 2 cents on payment security.

If you want to protect your site from phishing attacks - you should also use some anti-phishing mechanism (like a personalized pictures)

and to protect against bots (very annoying) use captcha....

Dani 2009-11-11 14:14:36

What does personalized pictures mean ?Don't you think captcha damages form's accessibility. I know plenty of 30+ years old with little knowledge in internet for whom captcha on secure form may seem like a puzzle so i will end up with loss of 30%-60% ( depends on product type )

eugeneK 2009-11-11 14:25:54

Personalized picture is advanced technique - not for random access user but for returning one, it is used by banks.about captcha - to avoid this problems one should use a simple clear captcha and not a psychedelic one... even a simple 4 letters jpg can do the work in most cases.

Dani 2009-11-15 08:28:56

related questions

Encryption in C# Web-Services

How Do You Secure database.yml?

ASP.NET LocationProvider

What do you (or your company) use for wiping a machine?

Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

Java: What is the best way to SFTP a file from a server

How do I call a Flex SWF from a remote domain using Flash (AS3) ?

Best way to store a database password in a startup script / config file?

Using VM to get around VPN restrictions

Best references for secure coding practices in ASP.NET and classic ASP.

Secure Memory Allocator in C++

Resolving Session Fixation in JBoss

Best Practices for securing a REST API / web service

Defensive programming

Personal Linux web server

Block user access to internals of a site using HTTP_REFERER

Is there an Unobtrusive Captcha for web forms?

My website got hacked... What should I do?

What all do I need to escape when sending a (My)SQL query?

How do you disable browser Autocomplete on web form field / input tag?

Best .NET obfuscation tools/strategy

Are there best practices for testing security in an Agile development shop?

What is the best way to avoid SQL injection attacks?

Found a critical bug, but the company doesn't care

PHP Session Security